v4.1.0-RC1
- Add support for docker.elastic.co/elasticsearch/elasticsearch #50119
- Narrow the scope of icons pattern to /icons/icon-* #50084
- Add configuration options for KafkaTemplate's allowNonTransactional and closeTimeout #49954
- Align ReactorHttpClientBuilder defaults with Spring Framework and provide an opt-out #49950
- Add support for providing a custom SessionTimeout bean #49883
- Add support for Redis Annotation driven listeners #49858
- Support spring.webflux.default-html-escape property for application-wide HTML escaping configuration #49791
- Add fallback support for '/opt/homebrew/bin' on macOS #49721
- Support InetAddress filtering for HTTP Clients #49687
- Monitor certificates from truststore in SslMeterBinder #49641
- Enable ansi support by default on Windows 11+ #49571
- Add '
@GrpcAdvice' exception handling support #49053 - Add support for OpenTelemetry SDK environment variables #48799
- Add ability to read custom layers.xml from classpath #32466
- Support LazyConnectionDataSourceProxy #15480
- Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50190
- Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50189
- ApplicationPidFileWriter does not handle symlinks correctly #50186
- RandomValuePropertySource is not suitable for secrets #50184
- Cassandra auto-configuration misconfigures CqlSessionBuilder #50182
- ApplicationTemp does not handle symlinks correctly #50179
- Remote DevTools performs comparison incorrectly #50177
- spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50175
- GrpcDisableCsrfHttpConfigurer incorrectly uses inverse of 'spring.grpc.server.security.csrf.enabled' property #50145
- API versioning path strategy should be applied path last as it is not meant to yield #50127
- Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50078
- Classic starters are missing several modules #50072
- Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50070
- Annotations like
@Ssldon't work on@Beanmethods when using@ServiceConnection#50065 - EnversRevisionRepositoriesRegistrar should reuse
@EnableEnversRepositoriesrather than configuring the JPA counterpart #50040 - WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50018
- Imports on a containing test class are ignored when a nested class has imports #50013
- Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49988
- Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49958
- With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49957
- 500 response from env endpoint when supplied pattern is invalid #49947
- HTTP method is lost when configuring excludes in EndpointRequest #49944
- Honor HttpMethod for reactive additional endpoint paths #49881
- Docker Compose support doesn't work with apache/artemis image #49870
- Docker Compose support doesn't work with apache/activemq image #49867
- ReactiveOAuth2ResourceServerAutoConfiguration should trigger only on real Reactive Applications #49807
- Test starters 'spring-boot-starter-grpc-client-test' and 'spring-boot-starter-grpc-server-test' are missing #49690
- Properties in '
@ConfigurationProperties' annotated type shouldn't be able to define the same '@Name' #49565 - Distribution's SLO, minimum expected value, and maximum expected value are not applied to long task timer meters #49190
- WebConversionService breaks embedded value resolving #8923
- Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50147
- HTTP Service Interface Clients still document that API versioning can be configured via properties #50128
- Link to the observability section of the Lettuce documentation is broken #50098
- Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50086
- MySamlRelyingPartyConfiguration is missing a Kotlin sample #50025
- Move OAuth2 and SAML 2.0 documentation to a security section #50022
- Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50020
- Link to the Kubernetes documentation when discussing startup probes #50016
- Document missing gRPC's default unit in GrpcClientProperties #49879
- Document the need for Liquibase and Flyway starters #49875
- Typo in JdbcSessionAutoConfiguration Javadoc #49874
- Clarify that configuration property default values are not available through the Environment #49852
- Kafka documentation refers to deprecated JSON serializer and deserializer classes #49834
- Document gRPC Support #49291
- Upgrade to ActiveMQ 6.2.4 #50002
- Upgrade to Byte Buddy 1.18.8 #49922
- Upgrade to Couchbase Client 3.11.2 #50066
- Upgrade to Ehcache3 3.12.0 #49923
- Upgrade to Elasticsearch Client 9.3.4 #50099
- Upgrade to Flyway 12.4.0 #50079
- Upgrade to Git Commit ID Maven Plugin 9.2.0 #49925
- Upgrade to Groovy 5.0.5 #49926
- Upgrade to Hibernate 7.2.12.Final #50136
- Upgrade to HttpClient5 5.6.1 #50137
- Upgrade to Infinispan 16.1.3 #49928
- Upgrade to Jackson Bom 3.1.2 #50055
- Upgrade to Jaxen 2.0.1 #50106
- Upgrade to Jaybird 6.0.5 #49930
- Upgrade to Jedis 7.4.1 #50030
- Upgrade to Jetty 12.1.8 #49931
- Upgrade to jOOQ 3.21.2 #50107
- Upgrade to Kotlin Serialization 1.11.0 #50138
- Upgrade to Lettuce 7.5.1.RELEASE #50031
- Upgrade to Log4j2 2.25.4 #49933
- Upgrade to Lombok 1.18.46 #50154
- Upgrade to MariaDB 3.5.8 #49934
- Upgrade to Micrometer 1.17.0-RC1 #49990
- Upgrade to Micrometer Tracing 1.7.0-RC1 #49991
- Upgrade to MySQL 9.7.0 #50160
- Upgrade to Native Build Tools Plugin 1.0.0 #49920
- Upgrade to Native Build Tools Plugin 1.1.0 #48968
- Upgrade to Neo4j Java Driver 6.0.5 #50076
- Upgrade to OpenTelemetry 1.60.1 #50004
- Upgrade to Protobuf Common Protos 2.70.0 #50080
- Upgrade to Protobuf Maven Plugin 5.1.3 #50056
- Upgrade to Pulsar 4.2.0 #49900
- Upgrade to Rabbit AMQP Client 5.30.0 #50081
- Upgrade to Rabbit Stream Client 1.6.0 #50082
- Upgrade to Reactor Bom 2025.0.5 #49992
- Upgrade to Selenium 4.43.0 #50057
- Upgrade to Selenium HtmlUnit 4.43.0 #50058
- Upgrade to Spring AMQP 4.1.0-RC1 #49993
- Upgrade to Spring Data Bom 2026.0.0-RC1 #49994
- Upgrade to Spring Framework 7.0.7 #49995
- Upgrade to Spring GraphQL 2.0.3 #49996
- Upgrade to Spring gRPC 1.1.0-RC1 #50157
- Upgrade to Spring HATEOAS 3.1.0-RC1 #50108
- Upgrade to Spring Integration 7.1.0-RC1 #49997
- Upgrade to Spring Kafka 4.1.0-RC1 #49998
- Upgrade to Spring LDAP 4.1.0-RC1 #49999
- Upgrade to Spring Pulsar 2.0.5 #50000
- Upgrade to Spring Security 7.1.0-RC1 #50001
- Upgrade to Spring Session 4.1.0-RC1 #50144
- Upgrade to SQLite JDBC 3.53.0.0 #50068
- Upgrade to Testcontainers 2.0.5 #50139
- Upgrade to Thymeleaf 3.1.5.RELEASE #50155
- Upgrade to Thymeleaf Extras SpringSecurity 3.1.5.RELEASE #50156
- Upgrade to Tomcat 11.0.21 #49936
Thank you to all the contributors who worked on this release:
@GollapudiSrikanth, @MohammedGhallab, @bachhs, @bartsopers, @bbbbooo, @dlwldnjs1009, @edwardsre, @erichaagdev, @froggy-hyun, @husseinvr97, @itsmevichu, @kodama-kcc, @kwondh5217, @onobc, @plumstone, @ppapaj, @quaff, @refeccd, @scordio, and @xxxxxxjun
v4.0.6
- Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
- Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
- ApplicationPidFileWriter does not handle symlinks correctly #50185
- RandomValuePropertySource is not suitable for secrets #50183
- Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
- ApplicationTemp does not handle symlinks correctly #50178
- Remote DevTools performs comparison incorrectly #50176
- spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
- Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
- Classic starters are missing several modules #50071
- Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
- Annotations like
@Ssldon't work on@Beanmethods when using@ServiceConnection#50064 - EnversRevisionRepositoriesRegistrar should reuse
@EnableEnversRepositoriesrather than configuring the JPA counterpart #50039 - WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
- Imports on a containing test class are ignored when a nested class has imports #50012
- With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
- 500 response from env endpoint when supplied pattern is invalid #49946
- Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
- HTTP method is lost when configuring excludes in EndpointRequest #49943
- Honor HttpMethod for reactive additional endpoint paths #49880
- Docker Compose support doesn't work with apache/artemis image #49869
- Docker Compose support doesn't work with apache/activemq image #49866
- Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
- API versioning path strategy should be applied path last as it is not meant to yield #49800
- Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
- HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
- Link to the observability section of the Lettuce documentation is broken #50097
- Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
- MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
- Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
- Link to the Kubernetes documentation when discussing startup probes #50015
- Typo in JdbcSessionAutoConfiguration Javadoc #49873
- Clarify that configuration property default values are not available through the Environment #49851
- Document the need for Liquibase and Flyway starters #49839
- Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826
- Upgrade to Elasticsearch Client 9.2.8 #50027
- Upgrade to Groovy 5.0.5 #49911
- Upgrade to Hibernate 7.2.12.Final #50134
- Upgrade to Jackson Bom 3.1.2 #50051
- Upgrade to Jaxen 2.0.1 #50104
- Upgrade to Jaybird 6.0.5 #49914
- Upgrade to Jetty 12.1.8 #49915
- Upgrade to jOOQ 3.19.32 #50105
- Upgrade to Log4j2 2.25.4 #49916
- Upgrade to Lombok 1.18.46 #50150
- Upgrade to MariaDB 3.5.8 #49917
- Upgrade to Micrometer 1.16.5 #49972
- Upgrade to Micrometer Tracing 1.6.5 #49973
- Upgrade to MongoDB 5.6.5 #50028
- Upgrade to MySQL 9.7.0 #50159
- Upgrade to Neo4j Java Driver 6.0.5 #50075
- Upgrade to Reactor Bom 2025.0.5 #49974
- Upgrade to Spring AMQP 4.0.3 #49975
- Upgrade to Spring Data Bom 2025.1.5 #49976
- Upgrade to Spring Framework 7.0.7 #49977
- Upgrade to Spring GraphQL 2.0.3 #49978
- Upgrade to Spring Kafka 4.0.5 #49979
- Upgrade to Spring LDAP 4.0.3 #49980
- Upgrade to Spring Pulsar 2.0.5 #49981
- Upgrade to Spring Security 7.0.5 #49982
- Upgrade to Spring Session 4.0.3 #49983
- Upgrade to Testcontainers 2.0.5 #50135
- Upgrade to Thymeleaf 3.1.5.RELEASE #50152
- Upgrade to Thymeleaf Extras SpringSecurity 3.1.5.RELEASE #50153
- Upgrade to Tomcat 11.0.21 #49918
Thank you to all the contributors who worked on this release:
@GollapudiSrikanth, @MohammedGhallab, @bachhs, @dlwldnjs1009, @edwardsre, @kodama-kcc, @kwondh5217, @ppapaj, @quaff, @refeccd, @scordio, and @xxxxxxjun
v3.5.14
- ApplicationPidFileWriter does not handle symlinks correctly #50173
- RandomValuePropertySource is not suitable for secrets #50172
- Cassandra auto-configuration misconfigures CqlSessionBuilder #50171
- ApplicationTemp does not handle symlinks correctly #50170
- Remote DevTools performs comparison incorrectly #50169
- spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168
- EnversRevisionRepositoriesRegistrar should reuse
@EnableEnversRepositoriesrather than configuring the JPA counterpart #50035 - Annotations like
@Ssldon't work on@Beanmethods when using@ServiceConnection#50033 - Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021
- WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008
- 500 response from env endpoint when supplied pattern is invalid #49942
- HTTP method is lost when configuring excludes in EndpointRequest #49885
- Docker Compose support doesn't work with apache/artemis image #49865
- Honor HttpMethod for reactive additional endpoint paths #49864
- Docker Compose support doesn't work with apache/activemq image #49863
- Imports on a containing test class are ignored when a nested class has imports #49860
- Link to the observability section of the Lettuce documentation is broken #50092
- Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50083
- MySamlRelyingPartyConfiguration is missing a Kotlin sample #50023
- Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50010
- Link to the Kubernetes documentation when discussing startup probes #50007
- Update docs to encourage Java fundamentals for beginners that prefer to learn that way #49895
- Clarify that configuration property default values are not available through the Environment #49835
- Upgrade to Groovy 4.0.31 #49905
- Upgrade to Hibernate 6.6.49.Final #50140
- Upgrade to Jaxen 2.0.1 #50109
- Upgrade to Jaybird 6.0.5 #49907
- Upgrade to Jetty 12.0.34 #49908
- Upgrade to jOOQ 3.19.32 #50110
- Upgrade to Lombok 1.18.46 #50148
- Upgrade to MariaDB 3.5.8 #49909
- Upgrade to Micrometer 1.15.11 #49961
- Upgrade to Micrometer Tracing 1.5.11 #49962
- Upgrade to MySQL 9.7.0 #50161
- Upgrade to Neo4j Java Driver 5.28.13 #50074
- Upgrade to Reactor Bom 2024.0.17 #49963
- Upgrade to Spring AMQP 3.2.10 #49964
- Upgrade to Spring Authorization Server 1.5.7 #49965
- Upgrade to Spring Data Bom 2025.0.11 #49966
- Upgrade to Spring Framework 6.2.18 #49967
- Upgrade to Spring Kafka 3.3.15 #50129
- Upgrade to Spring LDAP 3.3.7 #49968
- Upgrade to Spring Pulsar 1.2.17 #49969
- Upgrade to Spring Security 6.5.10 #49970
- Upgrade to Spring Session 3.5.6 #49971
- Upgrade to Thymeleaf 3.1.5.RELEASE #50149
- Upgrade to Thymeleaf Extras SpringSecurity 3.1.5.RELEASE #50151
- Upgrade to Tomcat 10.1.54 #49910
Thank you to all the contributors who worked on this release:
@MohammedGhallab, @dlwldnjs1009, @edwardsre, @kodama-kcc, @kwondh5217, @quaff, @refeccd, and @scordio
26.0
This is the 26.0 release of graphql-java. Highlights are summarized below; the full list of merged PRs is at the end.
New QueryComplexityLimits validation checks maxDepth (default 100) and maxFieldsCount (default 100,000) as part of standard validation. Queries exceeding these limits will now fail with new MaxQueryDepthExceeded / MaxQueryFieldsExceeded validation errors.
- Set custom limits via
GraphQLContextusingQueryComplexityLimits.KEY. - Disable entirely with
QueryComplexityLimits.NONE.
Introduced in #4256.
In #4228 the rule-filter predicate changed from Predicate<Class<?>> to Predicate<OperationValidationRule> in Validator.validateDocument(...) and ParseAndValidate.parseAndValidate(...). Callers that filtered by class (e.g. rule -> rule != NoUnusedFragments.class) must migrate to the enum (rule -> rule != OperationValidationRule.NO_UNUSED_FRAGMENTS). The @Internal classes AbstractRule and RulesVisitor were removed.
DirectiveInfowas removed. Replace usages:DirectiveInfo.isGraphqlSpecifiedDirective(...)→Directives.isBuiltInDirective(...)DirectiveInfo.GRAPHQL_SPECIFICATION_DIRECTIVES→Directives.BUILT_IN_DIRECTIVESDirectiveInfo.GRAPHQL_SPECIFICATION_DIRECTIVE_MAP→Directives.BUILT_IN_DIRECTIVES_MAP
- Directive ordering is now consistent: all 7 built-in directives appear first, followed by user-defined directives.
GraphQLSchema.Builder.clearDirectives()was initially removed then re-added in #4276 with new semantics — it clears alladditionalDirectives, but built-in directives are always re-added automatically at build time.
New validator rejects OneOf input types that cannot be populated with a finite value (e.g. input A @oneOf { a: A }). Schemas that previously validated may now be rejected.
Code-built schemas now perform the same deprecated-on-non-null field validation as SDL-built ones. Schemas relying on the gap may now fail validation.
The return type was incorrectly annotated nullable. Callers may now drop redundant null checks; downstream nullness tooling will reflect the change.
Waves 2 and 3 (#4184, #4274) plus many individual PRs annotated hundreds of classes across graphql.analysis, graphql.execution, graphql.language, graphql.schema and others with @NullMarked/@NullUnmarked/@Nullable. Kotlin and other null-aware callers will now see stricter nullability contracts; code that relied on previously-permissive signatures may need adjustment.
GraphQLSchema.FastBuilder(#4197) — a more restrictive but ~5× faster schema builder that reduces both time and memory for large schemas.- Query complexity limits (#4256) — depth/field-count guardrails baked into validation (see breaking changes above for the enforcement side).
QueryAppliedDirectiveon operations and documents (#4297) — directives applied at the operation/document level are now exposed asQueryAppliedDirectives.- New instrumentation hook for post-exception-handling results (#4206, #4207) — observe the
DataFetcherResultafterDataFetcherExceptionHandlerhas mapped exceptions to errors.ChainedInstrumentationdelegates the new hook correctly. - Generic
DataFetcherResult.newBuilder(T data)(#4254) — removes the need for explicit type witnesses on the commonDataFetcherResult.<T>newResult().data(x)...pattern. - Re-added
GraphQLSchema.Builder.clearDirectives()(#4276) — useful withGraphQLSchema.transformto rewrite non-built-in directives; built-ins are always re-added. toString()on AST directives holders (#4195).
- Incremental
@deferexecution starts earlier (#4174) — begins processing deferred payloads as soon as the first incremental call is detected instead of waiting for the initial result to complete. - Validation consolidation (#4228) — all operation validation rules run in a single
OperationValidatorpass, significantly cutting validation overhead. - Reduced allocations on the execution hot path (#4252):
Async$Many.materialisedList()— replacedArrayListcopy with a zero-copyArrays.asList()wrapper.ResultPath.toStringValue— lazy computation; the string form is only built on firsttoString()(typically only during error reporting).- New
GraphQLCodeRegistry.getDataFetcher(String, String, GraphQLFieldDefinition)overload avoiding per-fetchFieldCoordinatesallocations (~54 KB/op reduction).
FastBuilderfor schema construction (#4197) — see New Features.- Fixed
ShallowTypeRefCollectorto also resolve type refs inside applied directive arguments and enum value definitions (#4288) — correctness fix enablingFastBuilderto be used on more schemas.
- DataLoader dispatch with multiple
@deferfragments (#4270) — fixes a case where DataLoaders were not dispatched correctly when multiple deferred fragments were in play. CompletionStageSubscriberrace condition (#4296) — completion signal could be lost if an in-flightCompletionStageresolved concurrently. Fix is backed by new jcstress stress tests.PropertyDataFetcheron non-public classes (#4287) — properties on non-public classes that implement public interfaces (e.g.TreeMap.Entry) now fetch correctly on Java 16+ by searching public interfaces.ExecutableNormalizedFieldrespectsGraphqlFieldVisibility(#4204) — selection-set APIs now use the schema's configured visibility instead of going straight to the type.ScheduledDataLoaderRegistry"dispatch all" fix (#4164).ChainedInstrumentationonExceptionHandleddelegation (#4207).
- Fixes for complex field-visibility transformer cases and schema transformation when deletions cascade (#4203, #4205, #4208, #4209, #4212, #4213, #4275).
- Overlapping-fields null-type regression fixed (#4291).
GraphQLTypeCollectingVisitornow recursively traverses indirect strong references (#4213).SchemaTraverser::depthFirstoverload signature fix (#4165).
- Bytecode-modified classes no longer ship in published JARs (#4343) — the
@Generatedannotation injected for coverage reporting was leaking into published artifacts. JARs now contain pristine compiler output. - Trojan Source / glassworm Unicode detection (#4344) — pre-commit hook and CI workflow now reject dangerous BiDi/zero-width/control characters in source.
- Windows compatibility (#4239) — removed colons from
performance-results/filenames, split the oversizedlarge-schema-5.graphqls, added pre-commit + CI checks.
getDataLoadertype bounds improved (#4180).- Build and test on Java 25 (#4173, #4330).
- Many dependency updates (Reactor, Jackson, Kotlin, Groovy, Gradle, ByteBuddy, errorprone, etc.) across the release.
Expand to see all merged PRs
- use dispatch all to not break ScheduledDataLoaderRegistry by @andimarek in https://github.com/graphql-java/graphql-java/pull/4164
- Upgrade to Gradle 9.2.0 by @Copilot in https://github.com/graphql-java/graphql-java/pull/4171
- fix build after gradle 9 upgrade by @andimarek in https://github.com/graphql-java/graphql-java/pull/4175
- GQLGW-5297-optimise-incremental-part-execution-for-defer-requests by @llin2 in https://github.com/graphql-java/graphql-java/pull/4174
- Bump actions/checkout from 5 to 6 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4178
- Bump net.bytebuddy:byte-buddy from 1.17.8 to 1.18.1 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4176
- Bump io.projectreactor:reactor-core from 3.7.12 to 3.8.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4168
- Bump com.google.errorprone:error_prone_core from 2.43.0 to 2.44.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4167
- Fix error: Unusable type signature for overload of graphql.schema.SchemaTraverser::depthFirst #4147 by @marktech0813 in https://github.com/graphql-java/graphql-java/pull/4165
- Getdataloader type bounds by @ctbarbour in https://github.com/graphql-java/graphql-java/pull/4180
- All fields removed from object/interface via field visibility transformer which is reachable via additional types by @andimarek in https://github.com/graphql-java/graphql-java/pull/4203
- fixes complex case for Field visibility transformer. See test case by @andimarek in https://github.com/graphql-java/graphql-java/pull/4205
- Proposal for an additional instrumentation hook point by @tinnou in https://github.com/graphql-java/graphql-java/pull/4206
- Call onExceptionHandled in ChainedInstrumentation by @tinnou in https://github.com/graphql-java/graphql-java/pull/4207
- Add documentation and test for additionalTypes in GraphQLSchema by @andimarek in https://github.com/graphql-java/graphql-java/pull/4208
- Fix schema transformation and Field Visibility for complex deletion cases by @andimarek in https://github.com/graphql-java/graphql-java/pull/4209
- fix javadoc and add github job to verify it explicitly by @andimarek in https://github.com/graphql-java/graphql-java/pull/4210
- Build and test using Java 25 by @yeikel in https://github.com/graphql-java/graphql-java/pull/4173
- #4190 - AST directives holder has a toString() by @bbakerman in https://github.com/graphql-java/graphql-java/pull/4195
- #4182 - code built schemas should perform deprecated non null field validations as well as SDL built ones by @bbakerman in https://github.com/graphql-java/graphql-java/pull/4194
- fixes and improves field visibility by @andimarek in https://github.com/graphql-java/graphql-java/pull/4212
- Fix type collecting for indirect references by @andimarek in https://github.com/graphql-java/graphql-java/pull/4213
- Fix testWithJava21 task running zero tests by @andimarek in https://github.com/graphql-java/graphql-java/pull/4227
- Fix ExecutableNormalizedField to respect GraphqlFieldVisibility by @Samjin in https://github.com/graphql-java/graphql-java/pull/4204
- Consolidate built-in directive handling and move helpers to Directives class by @andimarek in https://github.com/graphql-java/graphql-java/pull/4229
- Add more large schemas for performance testing by @andimarek in https://github.com/graphql-java/graphql-java/pull/4233
- feat: GraphQLSchema.FastBuilder for High-Performance Schema Construction by @rstata in https://github.com/graphql-java/graphql-java/pull/4197
- Bump EnricoMi/publish-unit-test-result-action from 2.21.0 to 2.22.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4199
- Bump com.gradleup.shadow from 9.0.0 to 9.3.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4189
- Update Objenesis, Spock and Groovy by @m1ngyuan in https://github.com/graphql-java/graphql-java/pull/4240
- Bump gradle-wrapper from 9.2.0 to 9.3.1 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4236
- Bump com.gradleup.shadow from 9.3.0 to 9.3.1 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4235
- Bump org.jetbrains.kotlin.jvm from 2.2.21 to 2.3.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4234
- JSpecify big wave 2 by @dondonz in https://github.com/graphql-java/graphql-java/pull/4184
- Fix Windows compatibility: rename files with reserved chars, split large files, add pre-commit hook and CI validation by @Copilot in https://github.com/graphql-java/graphql-java/pull/4239
- Remove incorrect @Nullable from GraphQLSchema.getCodeRegistry() by @andimarek in https://github.com/graphql-java/graphql-java/pull/4247
- OneOf Inhabitability by @jbellenger in https://github.com/graphql-java/graphql-java/pull/4248
- Consolidate validation rules into single OperationValidator and improve performance by @andimarek in https://github.com/graphql-java/graphql-java/pull/4228
- Reduce allocations in Async$Many and ResultPath on execution hot path by @andimarek in https://github.com/graphql-java/graphql-java/pull/4252
- Bump aws-actions/configure-aws-credentials from 5 to 6 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4241
- Bump org.testng:testng from 7.11.0 to 7.12.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4242
- Bump com.fasterxml.jackson.core:jackson-databind from 2.20.1 to 2.21.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4243
- Bump net.ltgt.errorprone from 4.3.0 to 5.0.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4246
- Fix SchemaTransformerBenchmark to pass schema validation by @andimarek in https://github.com/graphql-java/graphql-java/pull/4255
- Add generic DataFetcherResult.newBuilder(T data) method by @jord1e in https://github.com/graphql-java/graphql-java/pull/4254
- Benchmark introspection against multiple large schemas by @andimarek in https://github.com/graphql-java/graphql-java/pull/4260
- Bump net.bytebuddy:byte-buddy from 1.18.1 to 1.18.5 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4265
- Bump com.fasterxml.jackson.core:jackson-databind from 2.21.0 to 2.21.1 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4266
- Bump me.bechberger:ap-loader-all from 4.0-10 to 4.3-12 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4264
- Bump com.google.errorprone:error_prone_core from 2.44.0 to 2.47.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4244
- Bump EnricoMi/publish-unit-test-result-action from 2.22.0 to 2.23.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4262
- Re-add GraphQLSchema.Builder.clearDirectives() by @rstata in https://github.com/graphql-java/graphql-java/pull/4276
- Add performance results dashboard subproject by @andimarek in https://github.com/graphql-java/graphql-java/pull/4277
- Fix jar file naming when branch contains slashes by @andimarek in https://github.com/graphql-java/graphql-java/pull/4290
- Fix overlapping fields null type regression from 072165b by @andimarek in https://github.com/graphql-java/graphql-java/pull/4291
- Small typo fixed by @zkozina in https://github.com/graphql-java/graphql-java/pull/4273
- Check in field visibility transformer test - union member error now fixed by @dondonz in https://github.com/graphql-java/graphql-java/pull/4275
- Add test & coverage reporting to PR comments and master baseline by @andimarek in https://github.com/graphql-java/graphql-java/pull/4292
- Fix spec303 flaky failure in ordered publisher TCK tests by @andimarek in https://github.com/graphql-java/graphql-java/pull/4293
- Add unified allBuildAndTestSuccessful CI check by @andimarek in https://github.com/graphql-java/graphql-java/pull/4294
- Fix CompletionStageSubscriber race condition, add jcstress tests and CI coverage gate by @andimarek in https://github.com/graphql-java/graphql-java/pull/4296
- Extract shared JaCoCo parser and fix self-closing tag bug by @andimarek in https://github.com/graphql-java/graphql-java/pull/4300
- Add Dependabot auto-merge workflow by @dondonz in https://github.com/graphql-java/graphql-java/pull/4298
- Bump net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4286
- Bump net.ltgt.errorprone from 5.0.0 to 5.1.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4285
- Bump io.projectreactor:reactor-core from 3.8.0 to 3.8.3 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4283
- Bump org.jetbrains.kotlin.jvm from 2.3.0 to 2.3.10 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4282
- Bump actions/upload-pages-artifact from 3 to 4 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4281
- Add agentic CI doctor workflow by @dondonz in https://github.com/graphql-java/graphql-java/pull/4258
- Bump com.google.errorprone:error_prone_core from 2.47.0 to 2.48.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4284
- Fix Dependabot auto-merge showing as skipped check on all PRs by @dondonz in https://github.com/graphql-java/graphql-java/pull/4304
- Add JSpecify annotations to execution instrumentation classes (10 more) by @dondonz in https://github.com/graphql-java/graphql-java/pull/4272
- Add unit tests for ExhaustedDataLoaderDispatchStrategy by @andimarek in https://github.com/graphql-java/graphql-java/pull/4306
- Fix flaky DataLoaderPerformanceTest with deterministic synchronization by @andimarek in https://github.com/graphql-java/graphql-java/pull/4299
- Add unit tests for PerLevelDataLoaderDispatchStrategy coverage by @andimarek in https://github.com/graphql-java/graphql-java/pull/4308
- Fix findPubliclyAccessibleMethod to search interfaces for accessible methods by @andimarek in https://github.com/graphql-java/graphql-java/pull/4287
- Fix dataloader dispatch in @defer when multiple deferred fragments exist by @timward60 in https://github.com/graphql-java/graphql-java/pull/4270
- Bump actions/upload-artifact from 4 to 7 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4315
- Bump org.ow2.asm:asm from 9.7.1 to 9.9.1 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4318
- Bump org.junit.jupiter:junit-jupiter from 5.14.1 to 5.14.3 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4321
- Improve coverage gate: hybrid regression check + method-level detail reporting by @andimarek in https://github.com/graphql-java/graphql-java/pull/4324
- Fix ShallowTypeRefCollector: resolve type refs in applied directive arguments by @rstata in https://github.com/graphql-java/graphql-java/pull/4288
- Bump actions/download-artifact from 4 to 8 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4323
- Bump actions/github-script from 7 to 8 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4322
- Bump github/gh-aw from 0.49.0 to 0.56.2 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4319
- Update agents.md to improve AI assisted PRs by @dondonz in https://github.com/graphql-java/graphql-java/pull/4305
- Add deterministic CAS retry tests for ExhaustedDataLoaderDispatchStrategy by @andimarek in https://github.com/graphql-java/graphql-java/pull/4329
- Default test task to Java 25 only by @andimarek in https://github.com/graphql-java/graphql-java/pull/4330
- Change Dependabot update schedule from weekly to monthly by @dondonz in https://github.com/graphql-java/graphql-java/pull/4326
- Bump gradle-wrapper from 9.3.1 to 9.4.0 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4333
- Bump github/gh-aw from 0.56.2 to 0.57.2 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4334
- Bump org.junit.platform:junit-platform-launcher from 1.14.1 to 1.14.3 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4335
- Bump io.projectreactor:reactor-core from 3.8.3 to 3.8.4 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4336
- Bump com.gradleup.shadow from 9.3.1 to 9.3.2 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4337
- Agentic CI doctor to ignore coverage gate warnings by @dondonz in https://github.com/graphql-java/graphql-java/pull/4340
- This adds support for QueryAppliedDirective on operations and documents by @bbakerman in https://github.com/graphql-java/graphql-java/pull/4297
- Never package bytecode-modified class files in published JARs by @andimarek in https://github.com/graphql-java/graphql-java/pull/4343
- Add dangerous Unicode character detection (Trojan Source / glassworm) by @andimarek in https://github.com/graphql-java/graphql-java/pull/4344
- Add JSpecify annotations to language package nodes - redo (12 more) by @dondonz in https://github.com/graphql-java/graphql-java/pull/4257
- Add JSpecify annotations to 10 classes in graphql.language package and improve annotation prompt by @Copilot in https://github.com/graphql-java/graphql-java/pull/4216
- Disable no-op issue reporting for CI Failure Doctor by @dondonz in https://github.com/graphql-java/graphql-java/pull/4346
- Add JSpecify annotations to 10 graphql.language classes by @Copilot in https://github.com/graphql-java/graphql-java/pull/4217
- Add query complexity limits and refactor GoodFaithIntrospection to use validation by @andimarek in https://github.com/graphql-java/graphql-java/pull/4256
- Remove agentic CI doctor pipeline by @dondonz in https://github.com/graphql-java/graphql-java/pull/4354
- Bump net.bytebuddy:byte-buddy from 1.18.7 to 1.18.8 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4356
- Bump gradle/actions from 5 to 6 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4357
- Bump actions/deploy-pages from 4 to 5 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4358
- Bump org.jetbrains.kotlin.jvm from 2.3.10 to 2.3.20 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4360
- Bump me.bechberger:ap-loader-all from 4.3-12 to 4.3-13 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4361
- Bump org.apache.groovy:groovy from 5.0.4 to 5.0.5 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4363
- Bump actions/configure-pages from 5 to 6 by @dependabot in https://github.com/graphql-java/graphql-java/pull/4359
- Add JSpecify annotations to 10 language package classes by @Copilot in https://github.com/graphql-java/graphql-java/pull/4218
- Add JSpecify annotations to 10 language package classes by @Copilot in https://github.com/graphql-java/graphql-java/pull/4219
- JSpecify big wave 3 by @dondonz in https://github.com/graphql-java/graphql-java/pull/4274
- @Copilot made their first contribution in https://github.com/graphql-java/graphql-java/pull/4171
- @llin2 made their first contribution in https://github.com/graphql-java/graphql-java/pull/4174
- @marktech0813 made their first contribution in https://github.com/graphql-java/graphql-java/pull/4165
- @ctbarbour made their first contribution in https://github.com/graphql-java/graphql-java/pull/4180
- @Samjin made their first contribution in https://github.com/graphql-java/graphql-java/pull/4204
- @rstata made their first contribution in https://github.com/graphql-java/graphql-java/pull/4197
- @m1ngyuan made their first contribution in https://github.com/graphql-java/graphql-java/pull/4240
- @zkozina made their first contribution in https://github.com/graphql-java/graphql-java/pull/4273
Full Changelog: https://github.com/graphql-java/graphql-java/compare/v25.0...v26.0
3.5.6
- Bump com.fasterxml.jackson.core:jackson-databind from 2.18.5 to 2.18.6 #3687
- Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #3701
- Bump io.projectreactor:reactor-bom from 2024.0.16 to 2024.0.17 #3741
- Bump io.spring.gradle:spring-security-release-plugin from 1.0.14 to 1.0.15 #3710
- Bump org.mariadb.jdbc:mariadb-java-client from 3.5.7 to 3.5.8 #3735
- Bump org.springframework.boot:spring-boot-gradle-plugin from 3.5.11-SNAPSHOT to 3.5.12-SNAPSHOT #3686
- Bump org.springframework.boot:spring-boot-gradle-plugin from 3.5.12-SNAPSHOT to 3.5.13-SNAPSHOT #3713
- Bump org.springframework.boot:spring-boot-gradle-plugin from 3.5.13-SNAPSHOT to 3.5.14-SNAPSHOT #3727
- Bump org.springframework.data:spring-data-bom from 2025.0.10 to 2025.0.11 #3747
- Bump org.springframework.data:spring-data-bom from 2025.0.9 to 2025.0.10 #3707
- Bump org.springframework.security:spring-security-bom from 6.5.8 to 6.5.9 #3711
- Bump org.springframework.security:spring-security-bom from 6.5.9 to 6.5.10 #3751
- Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #3706
- Bump org.springframework:spring-framework-bom from 6.2.17 to 6.2.18 #3748
- Release 3.5.6 #3684